Many European Web sites lack basic such consumer-protection measures as a privacy policy and information about order cancellations, despite EU directives requiring them, according to a new pan-European study.

The study indicates that even though the Web is no longer a novelty, many e-commerce sites aimed at consumers still lack basic protections for their personal data.

The study, carried out by IWD Market Research Institute for World IT Lawyers, found that nearly half -- 44 percent -- of surveyed Web sites did not have a privacy policy or privacy-protection technology. The UK was among the best in this category, with 71 percent having a privacy policy or technology; France was the worst, with 61.7 percent of sites having no such policy.

Sites are required by data protection law to give users the opportunity to opt out of direct marketing schemes, but 58 percent of sites in Britain did not state this, the study found. Germany was the worst offender in this category, however, with 81.7 percent lacking an opt-out mechanism.

Despite the unpopularity of junk emails, few sites had policies against spamming -- 10.5 percent across Europe, and just 6.7 percent in the UK.

Surprising numbers of sites even lacked basic consumer information such as whether VAT is included in the sale price: in the UK, more than half did not indicate whether VAT was included. Thirty percent of sites across Europe did not give information on delivery costs.

Nearly 60 percent of sites across Europe did not provide information on the consumer's right to cancel an order for any reason within seven working days, despite a legal requirement to do so. In the UK, one-quarter of sites did not provide this information.